> EFF has criticized WhatsApp for being closed source, but not for this particular aspect of the key exchange functionality.
The articles I've seen appeared carefully worded so as to achieve some balance, but did express some criticism and concern.
"Nevertheless, this is certainly a vulnerability of WhatsApp, and they should give users the choice to opt into more restrictive Signal-like defaults." from:
> By making the discredited argument that WhatsApp's key-change behavior is a fatal flaw, you're disagreeing with... and about 50 more experts equally respected in the field if less known to the typical HN reader.
No, the vulnerability was confirmed and the argument that it represents a fatal flaw for those needing fully secure communications is sound. No one competent (and intellectually honest) has disputed this, or would even try to do so. The open letter itself acknowledges it, and I know every open letter signer I followed did so as well.
What the open letter did was take issue with the language used by The Guardian, point out the potential for such language to scare some people into less secure solutions, and argue that the vulnerability is a reasonable trade-off for convenience that can benefit some users too.
> Signal does not have this vulnerability, but WhatsApp has it.
That might need a footnote or something. TheGuardian is reporting: Moxie Marlinspike of OWS said Signal planned to make blocking notifications an option for some users and use non-blocking notifications by default.
> Browser vendors really need to change their attitude towards extensions, as they basically allow users to install malware/spyware in their browsers without performing any real certification / auditing.
Browser vendors have already increased restrictions on extensions to the point where it impedes the development and use of some security improving extensions. There may be some things that could be changed to improve transparency and end user control. But it is ultimately the end user's responsibility to determine what is and isn't appropriate for their use. Browser vendors don't have enough information to make that call.
> At the very least there should be a way for users to see a full audit log of the information that an extension sends to remote servers, as this is usually already enough to tell if the extension is sending more data than it should.
Which of the popular browser's don't have the ability to display network traffic? I've used the one in Chrome and the one in Firefox on multiple occasions.
Normally, the problem isn't detecting that an extension is sending data to a server. The problem is that people don't look for that and discover it. Or they discover it and tolerate it based on a hope that the data will never be misused. Cloudy judgement.
If "You can be very sure that the anonymous person you communicated with last week is the same anonymous person you are communicating with and potentially transacting with today." that person DOESN'T have strong anonymity.
If "You can be very sure that any transaction you make cannot be disputed." then you DON'T have strong anonymity.
> These discussions always avoid talking about the merits of data-driven design and always assume malicious intent.
Perhaps because most of the time the implementations do some harm, the doing of that harm is by design, there are ulterior motives, it is forced upon users, and the representations made to users are intentionally vague and misleading.
I think they'd have to monitor and restrict thoughts or at least be able to extract memories. The frightening thing is: if there ever comes a time when such technology is available, they will try to use it.
> your AI should ultimately know your favorite restaurant, your girlfriend’s name, but also your health record and everything else you might not always feel comfortable sharing with the world at large.
No. It should know what the user wants it to know. Which may or may not be those things.
And if someone else controls what you can and cannot do on the platform, the platform really isn't secure from your point of view. This is especially true when that someone not only has that control but also has access to your activities, metadata, data, PII, etc through cloud based applications and features, telemetry, central store registration/purchases, etc.
Various businesses have a "take pictures of customers" policy. Medical offices are one example, due to insurance fraud they say. They typically don't ask. They simply tell the customer that they are about to take a picture and it is over before they know it.
When I spot such a camera I stand to the side so they have to ask me to move in front of the camera. Which is when I politely refuse to participate. They don't like that very much. Last time, the person made a "well you might not be able to refuse next time" remark. He may be correct, or not, we'll see.
These are cases where the images should never be uploaded to a public database or shared with any other parties. However, given the increasing use of SaaS and cloud providers, exposure to some third-parties is highly likely. Any consumer information hitting the cloud is at high risk of abuse.
In addition to those scenarios you have cameras behind ATMs, cameras embedded within grocery store self-checkout lines, etc and so forth. It has already become difficult to control your image and, in some cases, prevent that image from being combined with other personally identifiable information.
For one thing, such a scenario would typically involve the uploading of said picture or facial data or faceprint data to a third party. You have no idea how that third-party will use and/or share the information.
Some people will not have a public profile picture but they too could be subjected to it.
Ever seen an analysis of the traffic and breakdown of the metadata you speak of? If an account or device or advertising or other unique ID is sent to Google, it could help Google to track the user's IP Address changes and locations.
> We've completely accepted auto updates for browsers (chrme & firefox) - years ago.
Enabling automatic updates from outside organizations SHOULD get you fired in any and every business where security is important. I've never seen it done in such environments, and certainly would never do it myself.
For that one chain at least. You don't want to be the end that causes all of your chains to be insecure.
Related: if you use your own server you can setup as many aliases as you need. You can use a unique one for each company you do business with, for example. Doing so increases the probability that you will detect when your email address (and possibly other info) has been shared or leaked at the other end. It isn't guaranteed to happen, but what often happens is the compromised email address is used to send you spam. If the email address is properly unique (not easily guessed or dictionary attacked) you'll immediately know which company might have leaked it and you can investigate. You can quickly change that one email alias and registration, without affecting your other accounts.
We may want to reach a point where we trust things we use, but if we're using a security-grade definition of trust and we're honest with ourselves, I think every one of us would admit that we're using something(s) that we do not trust. There just isn't enough time to properly review, test, and verifying things.
> The Federal government isn't asking Apple to create a backdoor. Their asking apple to use the backdoor that already exists.
Basically. Unfortunately, most of the reporting is focused on the payload Apple is being asked to create and doesn't draw enough attention to that "existing backdoor" that will allow such a payload to be successfully installed.
Eliminating that "existing backdoor" should be a priority. I see some, here, expressing the thought that Apple might be working on that. I think Apple needs to be pressed, hard, on that very subject.
Security requires freedom, and cannot be achieved without it. If you don't have the freedom to determine the behavior of your personal computing device, select the ways it is and isn't locked down, control updates to it, and inspect encrypted communications to/from it, that device and your usage of it are insecure.
We should not reinforce the idea that one must sacrifice freedom for security, sacrifice privacy for security, etc. Those are false choices based on fundamentally flawed definitions of "secure" and "security".
The articles I've seen appeared carefully worded so as to achieve some balance, but did express some criticism and concern.
"Nevertheless, this is certainly a vulnerability of WhatsApp, and they should give users the choice to opt into more restrictive Signal-like defaults." from:
https://www.eff.org/deeplinks/2017/01/google-launches-key-tr...
Key change notification concerns paragraph from:
https://www.eff.org/deeplinks/2016/10/where-whatsapp-went-wr...